From ef55c866fc0d4551f682f2961621ef64cb58ecae Mon Sep 17 00:00:00 2001
From: Travis Sturzl
Date: Tue, 24 Jun 2025 11:10:16 -0600
Subject: [PATCH 1/6] add provider and store api support
---
src/_cffi_src/openssl/context.py | 21 +++++++++++++++
src/_cffi_src/openssl/provider.py | 23 ++++++++++++++++
src/_cffi_src/openssl/ssl.py | 3 +++
src/_cffi_src/openssl/store.py | 45 +++++++++++++++++++++++++++++++
4 files changed, 92 insertions(+)
create mode 100644 src/_cffi_src/openssl/context.py
create mode 100644 src/_cffi_src/openssl/provider.py
create mode 100644 src/_cffi_src/openssl/store.py
diff --git a/src/_cffi_src/openssl/context.py b/src/_cffi_src/openssl/context.py
new file mode 100644
index 000000000000..1b09e6e05373
--- /dev/null
+++ b/src/_cffi_src/openssl/context.py
@@ -0,0 +1,21 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+includes = """
+#include
+"""
+
+TYPES = """
+typedef ... OSSL_LIB_CTX;
+"""
+
+FUNCTIONS = """
+OSSL_LIB_CTX *OSSL_LIB_CTX_new(void);
+void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py
new file mode 100644
index 000000000000..da98bbd5f7f3
--- /dev/null
+++ b/src/_cffi_src/openssl/provider.py
@@ -0,0 +1,23 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import annotations + +includes = """ +#include +""" + +TYPES = """ +typedef ... OSSL_PROVIDER; +""" + +FUNCTIONS = """ +OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *); +OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *, int); +int OSSL_PROVIDER_unload(OSSL_PROVIDER *); +int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *); +""" + +CUSTOMIZATIONS = """ +""" diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index a72db401efd5..36559729ea0e 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -127,6 +127,8 @@ typedef ... SSL; +typedef ... OSSL_LIB_CTX; + static const long TLSEXT_NAMETYPE_host_name; static const long TLSEXT_STATUSTYPE_ocsp; @@ -336,6 +338,7 @@ /*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/ SSL_CTX *SSL_CTX_new(SSL_METHOD *); +SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *, const char *, const SSL_METHOD *); long SSL_CTX_get_timeout(const SSL_CTX *); const SSL_CIPHER *SSL_get_current_cipher(const SSL *); diff --git a/src/_cffi_src/openssl/store.py b/src/_cffi_src/openssl/store.py new file mode 100644 index 000000000000..8fa758143997 --- /dev/null +++ b/src/_cffi_src/openssl/store.py 
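Review bot: In the new provider.py hunk (`@@ -0,0 +1,23 @@`), `OSSL_PROVIDER_load` and `OSSL_PROVIDER_try_load` are bound without any comment on what a NULL `OSSL_LIB_CTX *` means, which is the detail a caller most needs. As I read the OpenSSL provider documentation, NULL selects the process-wide default library context, and a successful `OSSL_PROVIDER_load` there stops the fallback provider from being activated, so one call from Python can change which algorithms every other user of libcrypto in the process can fetch. I would add above the declarations `/* NULL libctx = process default context; OSSL_PROVIDER_load() disables fallback providers there, OSSL_PROVIDER_try_load(ctx, name, 1) keeps them. */`.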
@@ -0,0 +1,45 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+includes = """
+#include
+"""
+
+TYPES = """
+typedef ... OSSL_STORE_CTX;
+typedef ... UI_METHOD;
+typedef ... OSSL_STORE_post_process_info_fn;
+typedef ... OSSL_STORE_INFO;
+"""
+
+FUNCTIONS = """
+OSSL_STORE_CTX * OSSL_STORE_open(const char *, const UI_METHOD *,
+ void *, OSSL_STORE_post_process_info_fn, void *);
+OSSL_STORE_CTX * OSSL_STORE_open_ex(const char *, OSSL_LIB_CTX *, const char *,
+ const UI_METHOD *, void *,
+ const OSSL_PARAM [],
+ OSSL_STORE_post_process_info_fn,
+ void *);
+int OSSL_STORE_close(OSSL_STORE_CTX *);
+const char *OSSL_STORE_INFO_type_string(int);
+
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *);
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *);
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *);
+EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *);
+EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *);
+"""
+
+CUSTOMIZATIONS = """
+"""
From b2573ca83ba8a4d92f2cb219685d38138f5f18f4 Mon Sep 17 00:00:00 2001
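Review bot: The new store.py hunk (`@@ -0,0 +1,45 @@`) binds `OSSL_STORE_load` but neither `OSSL_STORE_eof` nor `OSSL_STORE_error`, so a caller has no way to tell why `OSSL_STORE_load` returned NULL. OpenSSL returns NULL both at end of data and when an object failed to load, which means a Python loop that stops at the first NULL would silently skip a certificate or CRL that did not parse. I would add `int OSSL_STORE_eof(OSSL_STORE_CTX *);` and `int OSSL_STORE_error(OSSL_STORE_CTX *);` to FUNCTIONS. The `get0_*`/`get1_*` pairs also deserve a comment such as `/* get0_* borrow from the OSSL_STORE_INFO; get1_* return a reference the caller must free */`, because attaching a destructor to a `get0_*` result would free the object twice.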
From: Travis Sturzl Date: Wed, 25 Jun 2025 10:31:59 -0600 Subject: [PATCH 2/6] it builds and I can use the functions --- src/_cffi_src/build_openssl.py | 3 +++ src/_cffi_src/openssl/context.py | 2 +- src/_cffi_src/openssl/provider.py | 2 +- src/_cffi_src/openssl/ssl.py | 2 -- src/_cffi_src/openssl/store.py | 4 ++-- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 7c3bab20f3a0..797c2635234b 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -37,11 +37,14 @@ "pem", "rand", "rsa", + "context", "ssl", "x509", "x509name", "x509v3", "x509_vfy", + "provider", + "store", ], ) diff --git a/src/_cffi_src/openssl/context.py b/src/_cffi_src/openssl/context.py index 1b09e6e05373..0fd71404e85f 100644 --- a/src/_cffi_src/openssl/context.py +++ b/src/_cffi_src/openssl/context.py @@ -4,7 +4,7 @@ from __future__ import annotations -includes = """ +INCLUDES = """ #include """ diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py index da98bbd5f7f3..331752f7bc1b 100644 --- a/src/_cffi_src/openssl/provider.py +++ b/src/_cffi_src/openssl/provider.py @@ -4,7 +4,7 @@ from __future__ import annotations -includes = """ +INCLUDES = """ #include """ diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 36559729ea0e..f0a127b49ada 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -127,8 +127,6 @@ typedef ... SSL; -typedef ... OSSL_LIB_CTX; - static const long TLSEXT_NAMETYPE_host_name; static const long TLSEXT_STATUSTYPE_ocsp; diff --git a/src/_cffi_src/openssl/store.py b/src/_cffi_src/openssl/store.py index 8fa758143997..1fe4ea862d10 100644 --- a/src/_cffi_src/openssl/store.py +++ b/src/_cffi_src/openssl/store.py 
@@ -4,15 +4,15 @@ from __future__ import annotations -includes = """ +INCLUDES = """ #include """ TYPES = """ typedef ... OSSL_STORE_CTX; -typedef ... UI_METHOD; typedef ... OSSL_STORE_post_process_info_fn; typedef ... OSSL_STORE_INFO; +typedef ... OSSL_PARAM; """ FUNCTIONS = """ From 496447118e351f56712e6e87a6619e65b29033e3 Mon Sep 17 00:00:00 2001 From: Travis Sturzl Date: Wed, 25 Jun 2025 20:49:30 -0600 Subject: [PATCH 3/6] add some endpoints, and remove some that aren't availble in earlier versions --- src/_cffi_src/openssl/provider.py | 4 +++- src/_cffi_src/openssl/store.py | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py index 331752f7bc1b..0e6a8d1d3cc8 100644 --- a/src/_cffi_src/openssl/provider.py +++ b/src/_cffi_src/openssl/provider.py @@ -13,10 +13,12 @@ """ FUNCTIONS = """ +int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *); + OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *); OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *, int); int OSSL_PROVIDER_unload(OSSL_PROVIDER *); -int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *); +range-select) """ CUSTOMIZATIONS = """ diff --git a/src/_cffi_src/openssl/store.py b/src/_cffi_src/openssl/store.py index 1fe4ea862d10..25d49acc4d91 100644 --- a/src/_cffi_src/openssl/store.py +++ b/src/_cffi_src/openssl/store.py @@ -10,9 +10,10 @@ TYPES = """ typedef ... OSSL_STORE_CTX; -typedef ... OSSL_STORE_post_process_info_fn; typedef ... OSSL_STORE_INFO; typedef ... OSSL_PARAM; +typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); """ FUNCTIONS = """ From c3058839eac71c6868faac89c75b8a7d0f13e560 Mon Sep 17 00:00:00 2001 From: Travis Sturzl Date: Thu, 26 Jun 2025 16:24:19 -0600 Subject: [PATCH 4/6] remove typo --- src/_cffi_src/openssl/provider.py | 1 - 1 file changed, 1 deletion(-) 
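Review bot: `OSSL_PROVIDER_set_default_search_path`, added in the provider.py hunk (`@@ -13,10 +13,12 @@`), carries no comment saying that this path decides which provider shared objects are loaded into the process. With a NULL `OSSL_LIB_CTX *` the setting applies to the default library context and so governs every later load by name; a directory that a less privileged user can write to would put that user's module inside the interpreter. I would document it at the declaration, e.g. `/* Directory provider modules are loaded from; must be a trusted, non-user-writable path. NULL libctx = process default. */`, and have any Python wrapper refuse unvalidated input. The commit message speaks of removing entries unavailable in earlier versions, yet `OSSL_PROVIDER_available` is dropped while the remaining provider calls, which I believe date from the same OpenSSL release, stay, so the intended minimum version should be stated.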
diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py index 0e6a8d1d3cc8..9095a6a324e0 100644 --- a/src/_cffi_src/openssl/provider.py +++ b/src/_cffi_src/openssl/provider.py @@ -18,7 +18,6 @@ OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *); OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *, int); int OSSL_PROVIDER_unload(OSSL_PROVIDER *); -range-select) """ CUSTOMIZATIONS = """ From a32e720e756ec4ffc86646fc8d0c78c9283e02a5 Mon Sep 17 00:00:00 2001 From: Travis Sturzl Date: Thu, 26 Jun 2025 16:54:40 -0600 Subject: [PATCH 5/6] exclude from other SSL libs --- src/_cffi_src/openssl/context.py | 5 +++++ src/_cffi_src/openssl/provider.py | 11 +++++++++++ src/_cffi_src/openssl/ssl.py | 3 +++ src/_cffi_src/openssl/store.py | 27 +++++++++++++++++++++++++++ 4 files changed, 46 insertions(+) diff --git a/src/_cffi_src/openssl/context.py b/src/_cffi_src/openssl/context.py index 0fd71404e85f..bbdae5136882 100644 --- a/src/_cffi_src/openssl/context.py +++ b/src/_cffi_src/openssl/context.py @@ -18,4 +18,9 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL \ + || CRYPTOGRAPHY_IS_AWSLC +OSSL_LIB_CTX *(*OSSL_LIB_CTX_new)(void) = NULL; +void (*OSSL_LIB_CTX_free)(OSSL_LIB_CTX *) = NULL; +#endif """ diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py index 9095a6a324e0..9af3ffc2fe27 100644 --- a/src/_cffi_src/openssl/provider.py +++ b/src/_cffi_src/openssl/provider.py @@ -21,4 +21,15 @@ """ CUSTOMIZATIONS = """ + +#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL \ + || CRYPTOGRAPHY_IS_AWSLC +int (*OSSL_PROVIDER_set_default_search_path)(OSSL_LIB_CTX *, + const char *) = NULL; + +OSSL_PROVIDER *(*OSSL_PROVIDER_load)(OSSL_LIB_CTX *, const char *) = NULL; +OSSL_PROVIDER *(*OSSL_PROVIDER_try_load)(OSSL_LIB_CTX *, + const char *, int) = NULL; +int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) +#endif """ 
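Review bot: The fallback branch added to context.py (`@@ -18,4 +18,9 @@`) declares `OSSL_LIB_CTX *(*OSSL_LIB_CTX_new)(void) = NULL;` but never defines `OSSL_LIB_CTX` for that branch. TYPES only holds the opaque `typedef ... OSSL_LIB_CTX;`, which relies on the C headers to supply the type, so on LibreSSL, BoringSSL or AWS-LC the generated C will probably not compile unless those headers happen to declare it; `typedef void OSSL_LIB_CTX;` as the first line inside the `#if` would cover it. The `#include` in INCLUDES lies outside this hunk and looks unconditional, so it likely needs the same guard. The provider.py (`@@ -21,4 +21,15 @@`) and store.py (`@@ -43,4 +43,31 @@`) hunks of this commit have the same gap for `OSSL_PROVIDER`, `OSSL_STORE_CTX`, `OSSL_STORE_INFO` and `OSSL_PARAM`. The guard also names only the non-OpenSSL libraries; if OpenSSL releases before 3.0 are still supported here, they need the NULL definitions as well.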
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index f0a127b49ada..055d7c83d488 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -651,6 +651,9 @@ size_t *, SSL_SESSION ** )) = NULL; + +SSL_CTX *(*SSL_CTX_new_ex)(OSSL_LIB_CTX *, + const char *, const SSL_METHOD *) = NULL; #if CRYPTOGRAPHY_IS_BORINGSSL const SSL_CIPHER *(*SSL_CIPHER_find)(SSL *, const unsigned char *) = NULL; #endif diff --git a/src/_cffi_src/openssl/store.py b/src/_cffi_src/openssl/store.py index 25d49acc4d91..99a19ef9d1c7 100644 --- a/src/_cffi_src/openssl/store.py +++ b/src/_cffi_src/openssl/store.py 
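Review bot: In the ssl.py hunk (`@@ -651,6 +651,9 @@`) the new `SSL_CTX *(*SSL_CTX_new_ex)(...) = NULL;` has no `#if` of its own, unlike the context.py, provider.py and store.py fallbacks in this commit, so which builds see it depends on a conditional that opens outside the hunk. If that enclosing branch is ever compiled against OpenSSL 3.x, the variable would clash with the real `SSL_CTX_new_ex` from the OpenSSL headers. I would either wrap it in the same `#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL || CRYPTOGRAPHY_IS_AWSLC` guard or add a comment naming the branch it belongs to. A blank line before the following `#if CRYPTOGRAPHY_IS_BORINGSSL` would also keep the two definitions apart.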
@@ -43,4 +43,31 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL \ + || CRYPTOGRAPHY_IS_AWSLC +OSSL_STORE_CTX * (*OSSL_STORE_open)(const char *, const UI_METHOD *, + void *, OSSL_STORE_post_process_info_fn, void *) = NULL; +OSSL_STORE_CTX * (*OSSL_STORE_open_ex)(const char *, OSSL_LIB_CTX *, + const char *, + const UI_METHOD *, void *, + const OSSL_PARAM [], + OSSL_STORE_post_process_info_fn, + void *) = NULL; +int (*OSSL_STORE_close)(OSSL_STORE_CTX *) = NULL; +const char *(*OSSL_STORE_INFO_type_string)(int) = NULL; + +OSSL_STORE_INFO *(*OSSL_STORE_load)(OSSL_STORE_CTX *) = NULL; +void (*OSSL_STORE_INFO_free)(OSSL_STORE_INFO *) = NULL; +int (*OSSL_STORE_INFO_get_type)(const OSSL_STORE_INFO *) = NULL; +EVP_PKEY *(*OSSL_STORE_INFO_get0_PARAMS)(const OSSL_STORE_INFO *) = NULL; +EVP_PKEY *(*OSSL_STORE_INFO_get1_PARAMS)(const OSSL_STORE_INFO *) = NULL; +EVP_PKEY *(*OSSL_STORE_INFO_get0_PUBKEY)(const OSSL_STORE_INFO *) = NULL; +EVP_PKEY *(*OSSL_STORE_INFO_get1_PUBKEY)(const OSSL_STORE_INFO *) = NULL; +EVP_PKEY *(*OSSL_STORE_INFO_get0_PKEY)(const OSSL_STORE_INFO *) = NULL; +EVP_PKEY *(*OSSL_STORE_INFO_get1_PKEY)(const OSSL_STORE_INFO *) = NULL; +X509 *(*OSSL_STORE_INFO_get0_CERT)(const OSSL_STORE_INFO *) = NULL; +X509 *(*OSSL_STORE_INFO_get1_CERT)(const OSSL_STORE_INFO *) = NULL; +X509_CRL *(*OSSL_STORE_INFO_get0_CRL)(const OSSL_STORE_INFO *) = NULL; +X509_CRL *(*OSSL_STORE_INFO_get1_CRL)(const OSSL_STORE_INFO *) = NULL; +#endif """ From c9eaa2c98f933bd67f5726c1e1b00dc9a2f090e8 Mon Sep 17 00:00:00 2001 From: Travis Sturzl Date: Thu, 26 Jun 2025 17:00:03 -0600 Subject: [PATCH 6/6] missed one --- src/_cffi_src/openssl/provider.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py index 9af3ffc2fe27..9a70df98fc94 100644 --- a/src/_cffi_src/openssl/provider.py +++ b/src/_cffi_src/openssl/provider.py 
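Review bot: The store.py fallback (`@@ -43,4 +43,31 @@`) sets every store function pointer to NULL, but nothing in this series lets Python code detect that, so on LibreSSL, BoringSSL or AWS-LC a call such as `lib.OSSL_STORE_open(...)` would most likely go through a null pointer and crash the interpreter. I would declare an availability constant in TYPES and define it in both branches, e.g. `static const long FLAG_NAME_PLACEHOLDER = 0;` here and `= 1` in an `#else`, and hook it into whatever mechanism the project uses to hide unavailable names, which is not visible on this page. The same applies to the context.py and provider.py fallbacks of this commit and to `SSL_CTX_new_ex` in ssl.py.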
@@ -30,6 +30,6 @@ OSSL_PROVIDER *(*OSSL_PROVIDER_load)(OSSL_LIB_CTX *, const char *) = NULL; OSSL_PROVIDER *(*OSSL_PROVIDER_try_load)(OSSL_LIB_CTX *, const char *, int) = NULL; -int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) +int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) = NULL; #endif """